VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Core 2 45nm (1067a); 2009 Intel Core 2 Duo E7600; 2 x 3060MHz; wolfdale, supercop-20250307

[Page version: 20250425 10:21:13]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Test results

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
405464128042016
T:
jacfp127i
425164322544223
T:
kumjacfp127g
471314780648519
T:
prjfp127i
486694926149936
T:
hecfp127i
712177196872780
T:
ecfp256e
732217386274451
T:
jacfp128bk
743267473475585
T:
ecfp256h
769297745878176
T:
ecfp256s
834718399184914
T:
ecfp256q
866208754789025
T:
hecfp128bk
869888785589092
T:
hecfp128fkt
872548813889239
T:
prjfp128bk
878548868689806
T:
hecfp128i
122890124508125714
T:
gls1271
126966127184128447
T:
curve2251
179228179289179419
T:
kumfp127g
293430294747296943
T:
curve25519
314654314804314993
T:
kumfp128g
320621322609323693
T:
sclaus1024
332649333736334960
T:
ed448goldilocks
369669371203373046
T:
ecfp256i
382687385861399539
T:
hector
401623402860409394
T:
kummer
415875417770420128
T:
surf127eps
498062498610498852
T:
nistp256
759294762432766384
T:
surf2113
164223516494571653818
T:
sclaus2048
166056416620651664169
T:
ed521gs
191353119151301917213
T:
nist521gs
212860321315632133781
T:
claus
Cycles to compute a shared secret
25%50%75%system
183590183625183714
T:
kumfp127g
187596187758188393
T:
kumjacfp127g
242787242914243058
T:
jacfp128bk
292167292312292963
T:
jacfp127i
294715295230296806
T:
curve25519
298909299066299416
T:
prjfp128bk
299483304019311134
T:
gls1271
306158306295306430
T:
hecfp128bk
317204317376317594
T:
hecfp128fkt
327110327177327375
T:
kumfp128g
353213353391353519
T:
ecfp256e
367673367969368229
T:
ecfp256q
370327370667370997
T:
ecfp256i
380920381199381377
T:
prjfp127i
389062389187389388
T:
hecfp127i
399969401515405732
T:
kummer
414338415832418235
T:
surf127eps
423641427652430165
T:
sclaus1024
438011438175438387
T:
ecfp256h
458187458434458706
T:
ecfp256s
522946524804524910
T:
curve2251
693083693780694218
T:
hecfp128i
744943763939764914
T:
surf2113
103442410360341041365
T:
ed448goldilocks
116628211667551166805
T:
nistp256
127994012818541297078
T:
hector
165023916545261657369
T:
ed521gs
191155119132491914648
T:
nist521gs
214624521860362227110
T:
sclaus2048
254364825459802556209
T:
claus